
Re: [Sks-devel] sks pool membership registration


From: Phil Pennock
Subject: Re: [Sks-devel] sks pool membership registration
Date: Wed, 26 Jun 2013 15:48:47 -0400

On 2013-06-26 at 14:20 -0400, Daniel Kahn Gillmor wrote:
> kristian, you're doing a much-appreciated job maintaining the SKS pools.
>  I was wondering if you'd consider allowing members of the pool(s) to
> register an e-mail address associated with their server, to receive
> notifications when their server gets ejected from the pool.
> 
> For example, i'd like to be able to communicate with you (out of band,
> perhaps) and say "my keyserver, zimmermann.mayfirst.org, belongs in the
> ha pool.  please have your system send me an alert if it gets removed
> from that pool".
> 
> I can poll/scrape https://sks-keyservers.net/status/ of course, but that
> seems like it might be suboptimal -- scraping seems prone to failure,
> and polling seems both laggy and potentially excessive in use of bandwidth.
> 
> any thoughts on the best way to encourage notification for operators who
> want to get this sort of thing?

We added "Server contact:" to the stats page, configured by
"server_contact:" in sksconf, which lets folks set the PGP keyid of the
operator, without directly putting email addresses into a scrapeable
page, and Kristian collects that already, showing it as address@hidden after
some server names.

Perhaps we should add a "pool_policy:" statement, which applies to
everyone running any kind of pool, with a very simple grammar?

Space separated keywords or key=value pairs?  Keywords and keys
case-insensitive?

 Keyword: skip
 Action:  takes precedence over any other keyword encountered, do not
          include in pools

 Keyword: hkp-only
 Action:  do not poll for hkps connectivity, do not try to include in
          pool; takes precedence over hkpsport.

 Key:     hkpsport=11373
 Action:  HKPS service offered, any SRV records should reference this
          port; if port is not 443, do not include in non-SRV pool
          definitions.

 Key:     monitoruid=2
 Action:  On notifiable event, please send an email to the Nth-oldest
          (2nd-oldest in example) uid present on the key found via
          server_contact.  Counting includes revoked uids.

That's off the top of my head, for a strawman proposal.  Feel free to
point out the many and varied ways in which this proposal sucks.

-Phil
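The strawman grammar above is small enough to implement directly. The following is an added example, not SKS code or anything from this thread (no "pool_policy:" statement exists in sksconf); the pool names "hkp", "hkps-srv" and "hkps" and the treatment of a missing hkpsport as 443 are assumptions. The parser never raises on malformed input, since the statement is operator-supplied text that the pool monitor has to tolerate.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class PoolPolicy:
    skip: bool = False               # 'skip': never include in any pool
    hkp_only: bool = False           # 'hkp-only': no hkps polling, no hkps pools
    hkps_port: Optional[int] = None  # 'hkpsport=N': port SRV records should use
    monitor_uid: int = 1             # 'monitoruid=N': Nth-oldest uid gets alerts
    ignored: list = field(default_factory=list)  # tokens not understood

def _int_in_range(value: str, lo: int, hi: int) -> Optional[int]:
    """Decimal integer in lo..hi, else None (no exceptions on bad input)."""
    if not re.fullmatch(r"[0-9]{1,7}", value):
        return None
    n = int(value)
    return n if lo <= n <= hi else None

def parse_pool_policy(line: str) -> PoolPolicy:
    """Space-separated, case-insensitive keywords or key=value pairs.
    Unknown or malformed tokens are recorded in .ignored, never fatal."""
    policy = PoolPolicy()
    for token in line.split():
        key, has_value, value = token.partition("=")
        key = key.lower()
        if not has_value and key == "skip":
            policy.skip = True
        elif not has_value and key == "hkp-only":
            policy.hkp_only = True
        elif key == "hkpsport" and _int_in_range(value, 1, 65535):
            policy.hkps_port = int(value)
        elif key == "monitoruid" and _int_in_range(value, 1, 9999999):
            policy.monitor_uid = int(value)
        else:
            policy.ignored.append(token)
    return policy

def pool_eligibility(policy: PoolPolicy) -> set:
    """Precedence from the proposal: skip beats everything, hkp-only beats
    hkpsport, a non-443 hkps port excludes the non-SRV hkps pool (assumed names)."""
    if policy.skip:
        return set()
    pools = {"hkp"}
    if policy.hkp_only:
        return pools
    pools.add("hkps-srv")
    if (policy.hkps_port or 443) == 443:   # missing port assumed to be 443
        pools.add("hkps")
    return pools
```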


